Despite the data privacy protections supposedly conferred by regulations like HIPAA and HITECH, consumers’ confidential health and personal information is still not safe enough. That’s the lesson to be learned from Franklin, TN-based Community Health Systems’ (CHS) August 18 regulatory...

For retailers everywhere, it’s a challenging new day. Security threats are a constant – both inside their four walls and out. The big security breaches we hear about on the news; the smaller ones sometimes not. But their impact remains costly to us all. The need for mobility, rapidly e...

We show you how to dig deep to find hidden and covert processes, clandestine communications, and signs of misconduct on your network.
In a previous article [1], I described how to obtain a memory image from a Windows computer that would allow forensic analysis. I briefly discussed us...

In a Feb 2014 survey, 94 percent of organizations surveyed reported running applications or experimenting with infrastructure-as-a-service[1]. According to research firm Nasuni, there is over one exabyte currently stored in the cloud. An exabyte is over a billion GB[2]. Considering the...

Encryption is a key element of a complete security strategy. The 2013 Global Encryption Trends Study shows a steady increase in the use of encryption solutions over the past nine years. Thirty-five percent of organizations now have an encryption strategy applied consistently across the...

Ransomware is the latest example of the increasingly sophisticated and damaging inventions of hackers. Individuals and organizations of all sizes are finding that their data has been locked down or encrypted until a ransom is paid. One program, CryptoLocker, infected more than 300,000 ...

The cloud has hit the mainstream. Businesses in the United States currently spend more than $13 billion on cloud computing and managed hosting services, and Gartner projects that by 2015, end-user spending on cloud services could be more than $180 billion worldwide. It is estimated tha...

Despite all the news about hackers infiltrating major corporations, most businesses continue to leave themselves woefully unprotected. Some surveys estimate more than 70% of businesses perform vulnerability tests on less than 10% of their cloud, mobile and web applications. A majority ...

The threats facing network operators all over the world, spanning service providers, enterprises, cloud and hosting providers and mobile operators alike, are by no means stalling. While optimism is always the name of the game, we know all too well in security that trying to keep pace w...

Incident response involves addressing and managing the security events on a network and the execution of proper responses to those events. The end game is to limit the damage and reduce recovery time and costs. This is achieved with the implementation of an incident response plan tha...

The online world has become a dangerous place. According to a survey, 90 percent of all companies fell victim to a security breach in the last twelve months. Hacking and advanced persistent threats (APTs) have rendered the two-factor authentication token, now over 20 years old, essenti...

We’ve written before about some of the high-profile data breaches occurring in recent months – security breaches that cause some to question the safety of the cloud to store and/or process sensitive data. It seems these stories are reported with increased regularity (sometimes delayed,...

We’ve distilled lessons learned from the Snowden scandal and created 5 questions every CEO should be asking their CIO / CISO in order to avoid a catastrophic rogue insider event in the private sector both in using cloud as a vector of exfiltration as well as protecting their data stored in...

Lately we have seen a lot of articles discussing how easy Disaster Recovery in the cloud is, but very few of those put the emphasis on talking about the basics of Disaster Recovery and educating customers on why they should be thinking about it. There are six myths that need to be addr...

With large security breaches constantly in the news, businesses are rightly concerned about security. Thankfully, big data and machine learning can work together to help.
They read like a list of horror stories for businesses big and small alike. Sony’s PlayStation Network is hacked t...

Until this week the biggest anxiety when dealing with eBay has likely been fretting over a negative rating, concerns about slow shipping or a delayed refund. Then suddenly yesterday the media jumped all over the story that eBay had been hacked and users need to change their passwords. ...

Risk-conscious enterprises across the globe have been reluctant to embrace the public cloud model. For many, compliance requirements are the source of the reluctance. For others, concerns about ceding control of their data to a cloud service provider, without the cloud service provider...

Last month, the Information Security Forum released their annual prediction of the top 10 information security threats they foresee for the next two years – through 2016. While I found the entire list insightful, half of the list resonated strongly with me as someone who is working wit...

Heartland, based in Princeton, New Jersey, has improved governance results in innovative ways across the organization, thanks to both security best practices and HP Fortify tools.
Heartland Payment Systems has successfully leveraged software-assurance tools and best practices to driv...

There are two pieces of good news to come out of Heartbleed. First, we haven’t heard of any significant security breaches, which means that the industry as a whole is getting better at fixing problems as they arise.
The second is that, because Heartbleed presented every single cloud pr...

One challenge more and more enterprises are grappling with as they plan to adopt the cloud is data residency & sovereignty. They are finding that if they want to use a cloud service hosted outside of their borders, life can become quite complex. Perhaps it is a result of the often disc...

As recent events have confirmed once again, no single company, organization or government is up to the task of securing the Internet. The never-ending cat and mouse game of exploits chasing vulnerabilities continues. The stunning Heartbleed discovery has shaken the online security esta...

There has been a lot of media attention on Heartbleed and as always that means a lot of bizarre and often conflicting advice. I sat down (for a very long time) to find the truth of the matter and bring it together in one single article for those involved in enterprise mobility.
"The ...

Securing your data comes down to making both physical and virtual changes to your data center. From interior and exterior surveillance systems to software that detects system-level changes across remote and distributed locations, you must make use of any and all available strategies to...

Banks face a difficult tug-of-war every day. Consumers demand innovative new services – regulators demand security, compliance and soundness of all offerings. How can a bank resist being pulled in every direction and find a middle ground?
Banks can look to startup technology companies...

Cloud computing brings a myriad of benefits for any enterprise, but it is also a cause for concern in a world where, according to InformationWeek, cyber criminals are now targeting "any company where they can find data to resell, disrupt or exploit."
Moving your company's sensitive da...

Recording and maintaining good evidence of testing is growing more important all the time. The ability to document what actually happened during the development of hardware or software is vital in many industries. Medical equipment is a great example, as any failure could lead to unexp...

Finansbank in Istanbul has developed an impressive record of managed risk and deployments, with an eye to greater automation over time.
Governance, risk management and compliance (GRC) form a top-tier of requirements for banks anywhere in the world as they create and deploy applicatio...

Rob Wigley is Director, Cybersecurity Consulting Services at HP Enterprise Services, U.S. Public Sector. He has more than 30 years of information technology experience supporting manufacturing, high tech, healthcare, and public sector market segments. For the last 10 years, he has focu...

Global information technology networks that are rich in services are typically complex and require hard-to-manage security solutions. The latest versions of next-generation firewalls now offer multiple security layers that can complicate management, particularly as more and more featur...

Savvy organizations, HP among them, are turning to preventing attacks, rather than just detecting them and remediating them.
The high cost of unwanted intrusion and malware across corporate networks is well known. Less talked-about are the successful ways that organizations are thwart...

Many news organizations including The Washington Post are reporting that the latest documents leaked by former NSA contractor turned whistleblower Edward Snowden show the NSA is in the early stages of working to build a quantum computer that could possibly crack most types of encryptio...

Computer security has become much harder to manage in recent years, and this is due to the fact that attackers continuously come up with new and more effective ways to attack our systems. As attackers become increasingly sophisticated we as security professionals must ensure that they ...

As regulatory oversight across the financial landscape continues to drive greater transparency and stricter penalties, outsourcing to the private cloud has become an integral resource for hedge fund and private equity managers. Cloud infrastructure services are now synonymous with incr...

Like millions of other Americans, I learned the other night about the massive data breach at Target. The Washington Post is reporting that sensitive details on over 40 million credit and debit cards were exposed. While the information associated with the crime is still coming out, the ...